detect/flowint: harden code

Make sure packet has a flow.

Related to bug #2288.

diff --git a/src/detect-flowint.c b/src/detect-flowint.c
index eda0f17774b009a8e3ee4818d85b69a5b2498c17..2f5f5af92bd53c52ec2c75551716f3635edb9303 100644 (file)
--- a/src/detect-flowint.c
+++ b/src/detect-flowint.c
@@ -95,6 +95,9 @@ int DetectFlowintMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
     uint32_t targetval;
     int ret = 0;
 
+    if (p->flow == NULL)
+        return 0;
+
     /** ATM If we are going to compare the current var with another
      * that doesn't exist, the default value will be zero;
      * if you don't want this behaviour, you can use the keyword

diff --git a/src/flow-var.c b/src/flow-var.c
index d4506b9b03568b47b118347c97808aa88ddd8694..a92358f2714475ffa657e686c4a1670d4608d627 100644 (file)
--- a/src/flow-var.c
+++ b/src/flow-var.c
@@ -53,6 +53,9 @@ static void FlowVarUpdateInt(FlowVar *fv, uint32_t value)
  */
 FlowVar *FlowVarGetByKey(Flow *f, const uint8_t *key, uint16_t keylen)
 {
+    if (f == NULL)
+        return NULL;
+
     GenericVar *gv = f->flowvar;
 
     for ( ; gv != NULL; gv = gv->next) {
@@ -74,6 +77,9 @@ FlowVar *FlowVarGetByKey(Flow *f, const uint8_t *key, uint16_t keylen)
  */
 FlowVar *FlowVarGet(Flow *f, uint32_t idx)
 {
+    if (f == NULL)
+        return NULL;
+
     GenericVar *gv = f->flowvar;
 
     for ( ; gv != NULL; gv = gv->next) {